Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.4.0, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11
Fixed In:
11.6.0, 11.5.2
Opened: Apr 30, 2014 Severity: 4-Minor Related Article:
K19551223
LTM Policy rule ordinal values for ensuring which rules are considered first, second, and so on, can evaluate in other than the configured order.
Unexpected policy actions might be invoked if an out-of-order rule matches the conditions.
If the ordinal value associated with a policy rule is larger than 65536, then there is potential for rules to be evaluated in a different order than expected.
Using the GUI, drag-and-drop rules into desired order, and the system saves the policy rules using within-range ordinals. Alternatively, edit the configuration to make all ordinals fall below 65536. You can do so manually, or by using a script similar to the following: perl -pe 's/000/0/ if (/ordinal\s+\d+/);' /config/bigip.conf > /config/bigip.conf.fixed. Important: Before executing a Perl script, make sure you are familiar with the kinds of changes the script generates.
Policy rules are now evaluated in the expected order.